Configuring Smart Card Authentication Client

For more information, see the Smart Card Authentication Client Administrator’s Guide.

1. From the Embedded Web Server, access the configuration page for the application.

2. Configure the login screen.

   1. Select what login type to use.

   2. Set User Validation Mode to Active Directory.

   3. From the Validate Smart Card menu, select whether to prompt users for a PIN or a password after inserting a smart card.

3. Specify the domain or domains that are available for users to select during manual login.

4. Configure Kerberos authentication.

   1. Set Kerberos information to Use simple Kerberos setup.

   2. Specify the Kerberos realm as configured in the Active Directory.

   3. Specify the IP address or host name of the domain controller used for validation.

      Note: For multiple entries, use a comma to separate each IP address or host name.

   4. Specify the domain that is mapped to the Kerberos realm as specified in the Realm field.

      Note: For multiple entries, use a comma to separate each domain name.

5. Set Domain Controller Validation to Use device certificate validation, and then select Allow Unknown Status.

6. From the Advanced Settings section, do the following:

   1. Set Session User ID and E-mail From Address to LDAP Lookup.

   2. Select Wait for user information.

      Note: For more information, see the mouse-over help.

   3. From the Other User Attributes section, type the following LDAP attributes to use with other applications.

      Required attributes:

      • otherLoginWorkstations

      • otherloginworkstations

      Other attributes depending on the user name to use:

      • cn

      • sn

      • givenName

      Note: For multiple entries, use a comma to separate each attribute.

7. Apply the changes.